When you use a CRM, your nonprofit is putting your trust and data into the hands of another company’s system. A few months ago, you may have been notified of a data security breach that occurred within a database used by many nonprofit organizations. Hackers broke into their system and stole data from some of the most prominent organizations across the globe. Not only did the massive data breach put nonprofits in a tough spot, but donors were scared for their personal data.
Does that mean using a CRM puts your nonprofit's data security in a compromising position? No, and as a donor management software, we are doing everything we can to keep your data safe, secure, and accessible to your organization only. However, you can take extra steps to keep information safe and prevent data breaches.
So, in addition to finding a donor management software with exceptional data security, we recommend taking the following data security practices to keep your organization safe.
Keep Your Donor's Financial and Personal Data Safe
Your donors trust you with their information. If a data breach happens, it can take years for you to regain that trust and reputation back. Start by looking inside your organization and asking yourself, who has access to our data? Are there any potential risks to data security?
Restrict access to only those who need it, and use password managers and multifunction authenticators and ensure you are complying with General Data Protection Regulations. When choosing third-party payment processors, look into the steps they take to keep their data secure. Shop around and ask questions to find a provider that meets your standards.
Next, look at the health of your website. It’s necessary to have an SSL certificate to let visitors know they are on a trusted site in addition to a defense strategy. Installing an anti-virus, anti-malware, firewall and intrusion prevention systems will help keep your website in top shape.
Be Mindful When Handling Credit Cards To Prevent Data Loss
Never store credit card information in easily accessible places. If a donor calls to make a gift over the phone, input their data directly into your donor management system. Taking these steps is good practice to ensure no one has a chance to see your donor’s information or access it.
Being cautious doesn’t mean you can never write down another card number again, but in those situations, you have to be careful and dispose of it properly. Outline a policy for donations describing when it’s appropriate to write information down and how to destroy it.
Cybersecurity poses another risk for a data breach. Emails are not as secure as you may think, so it’s crucial never to send sensitive information. Anyone with access to your nonprofit's server can see your mail, including deleted messages from both you and your donor.
Keep Electronic Data Safe With Secure Passwords
We all have that one password we use for everything, but that can be a huge liability for your organization. You must be practicing healthy password habits when it comes to your donor’s information. We implement a 2-factor authentication process for our clients, for this reason, to make sure organizations are protected and prevent any data breaches.
A strong password will include letters, numbers and symbols, and although it may not be most comfortable to remember, it will help deter others from trying to take a pass at your account. Don’t use the same password for everything and encourage donors to do the same.
Have a Cyber Breach Response Plan
Few nonprofit organizations have a security breach plan in place, but it can save your organization big time in case of an emergency. A data breach impacts donors just as much as you, and they will feel better knowing you have a plan in case of a cyber security breach.
Organizations should always be honest and upfront with their donors. If a security breach were to occur, the first thing your nonprofit should do is access the damage. What data was lost, and who was responsible for the breach? Know how you will let your staff, donors and board know.
No one should be left in the dark, and communication with them should be transparent. Your staff should be notified of a data security breach as soon as possible. When delivering the news to your donors, tell them how they have been affected and what you will do to prevent another data security breach from happening.
Conclusion
In addition to finding a trusted CRM, implement safe data practices in your organization. This should also include
- Having staff install anti-malware on their work computers as well as the ones you use in the office.
- Implement cybersecurity training on how to stop hacks and improve electronic data security
- Routinely checking your PCI Compliance and,
- Only use secure internet sources with a VPN
As a data CRM, we use AWS to ensure that our client’s data is safe under standard government security both online and in the server’s physical locations. We routinely check our data security standards and encourage you to do the same. You can read more about our security persuasions by reading about how our software is different.